CN111383378B - Access control identification system information node interconnection method based on block chain architecture - Google Patents

Info

Publication number
CN111383378B
Authority
CN (China)
Prior art keywords
data, alliance, information, nodes, channel
Legal status
Active
Application number
CN202010164554.0A
Other languages
Chinese (zh)
Other versions
CN111383378A (en)
Inventors
刘强
范寅
Current Assignee
Hefei Dingfang Information Technology Co ltd
Original Assignee
Hefei Dingfang Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention relates to an access control identification system information node interconnection method based on a blockchain architecture, which overcomes the drawback of the prior art that the many sub-nodes of an access control management system are difficult to connect using blockchain technology. The method comprises the following steps: defining the information nodes in a blockchain consortium; assigning permissions to the nodes in the consortium; deploying the system channel in the consortium; and interconnecting the nodes in the consortium. The invention uses digital certificates to manage the members and channels of the blockchain consortium, achieves mutual data access between consortium members through data separation and by limiting each member's access to data channels, ensures that consortium members cannot obtain information beyond what their business requires, and establishes data circulation channels between information nodes while the data remain isolated and the data access channels remain isolated from one another.

Description

Access control identification system information node interconnection method based on block chain architecture
Technical Field
The invention relates to the technical field of blockchain applications, in particular to an access control identification system information node interconnection method based on a blockchain architecture.
Background
At present, traditional biometric access control management systems (fingerprint recognition, face recognition and the like) use centralized data storage and management on a server: the identity information of visitors, their biometric data, the enterprise organization structure, the structure of the access control system and so on are stored centrally on a specific server, and the system is managed centrally by a small number of people, which is unfavourable for protecting the visitors' private data. Judged by the type of data incident, once the centralized server is compromised all of the data are exposed, so its security is poor. The problems of the traditional access control system are as follows:
1. In a traditional access control system, the identity information, biometric information and access permission information of visitors are stored centrally within the enterprise organization, and the storage points of such a system easily become the focus of information leakage and information security problems;
2. In a typical access control system, the access control terminal usually collects the visitor's biometric data, compares it to find the visitor's identity information, and then decides whether to open the door according to that identity. In this process, information tied to personal identity is gathered at the access control terminal, and a leak from the terminal easily exposes the visitor's identity and biometric data, which brings hidden risks to the visitor's property and the like.
Distributed data storage based on blockchain and similar technologies has the advantages of openness and transparency and has been widely applied in digital currencies, so separated storage of the data can be ensured by using the technical advantages of blockchain. However, how to connect the many sub-nodes of an access control management system so that they can access each other on a blockchain architecture has become an urgent technical problem to be solved.
Disclosure of Invention
The invention aims to solve the drawback of the prior art that the many sub-nodes of an access control management system are difficult to connect using blockchain technology, and provides an information node interconnection method for an access control identification system based on a blockchain architecture to solve this problem.
To achieve this purpose, the technical scheme of the invention is as follows:
An access control identification system information node interconnection method based on a blockchain architecture is disclosed, wherein the access control identification system comprises: data service providers made up of the data services required by the access control system; a consortium member management server required for managing consortium members; a biometric recognition server that processes biometric data; various access control devices; a software server; mobile phone application software; data channels providing communication between the different software and hardware devices; and a software server used for enterprise attendance management, acting as the enterprise manager. These information nodes form a blockchain consortium, and the biometric data comprise face, iris, gait and fingerprint data;
The method for interconnecting the information nodes of the access control identification system comprises the following steps:
11) Defining the information nodes in the blockchain consortium: the consortium member management server is defined as the consortium root node; the member management servers of all subordinate consortiums are child nodes; and all information nodes are leaf nodes, comprising access control devices, software servers, mobile phone application software, biometric recognition servers, data providers and enterprise managers;
12) Assigning permissions to the nodes in the consortium: deploying certificates to the nodes in the blockchain consortium;
13) Deploying the system channel in the consortium: the consortium administrator establishes the data service provider rules and establishes the application layer data channels and channel rules;
14) Interconnecting the nodes in the consortium: after a node logs in to the consortium, it obtains from the consortium administrator the permissions matching its authority, and the nodes interconnect using the corresponding channels.
Assigning permissions to the nodes in the consortium comprises the following steps:
21) The consortium root node generates a private key, fills in the consortium root server information to generate a certificate signing request file, sends the request to the blockchain CA (certificate authority), and obtains the consortium root certificate after it is signed by the blockchain CA center;
22) Each child node in the consortium in turn sends a request to the consortium root node; after the consortium root node verifies the information node's authority information, it signs the information node's request to generate the corresponding certificate;
23) The consortium root node and the consortium child nodes hash the digest information of the information node certificate to generate a Token code, which serves as each service node's credential for logging in to the consortium;
24) Each child node stores its own certificate, private key and Token information;
25) All members of the consortium repeat the above steps to apply for certificates until every certificate has been issued.
Deploying the system channel in the consortium comprises the following steps:
31) The consortium root node divides the data managed within the access control identification system consortium, and the data are provided by different data services, which form the data service providers;
32) The consortium root node deploys a system service channel for consortium management that provides basic information services to all members of the consortium, comprising the certificates of consortium members, Token applications, management of the members' channel access permissions, and management of the system rules for the data providers' data; the application channels are the data access channels for actual access control business, and all channels are encrypted using the certificates;
33) The consortium root node defines the system rules, namely the black list and white list of service objects for each data service provider, and hands them to the data service providers for enforcement; for instance, the access object of the device asset directory is defined as the enterprise asset device management application, that of the enterprise organization directory is the enterprise personnel attendance management software, and the service object of the biometric data service is only the corresponding biometric recognition server, which no other application may access;
34) The consortium root node establishes the consortium application layer data channels and specifies the two member ends that may access each data channel; for instance, a personal biometric data service channel is specified that admits only the personal biometric data service provider and devices of the biometric recognition server type; this data channel uses a hybrid encryption scheme, and the certificates at the two ends are used to exchange the communication key;
35) The enterprise manager accesses the application layer rule channel and specifies to the data service provider the application layer rules for data access by the devices under its jurisdiction; for instance, the biometric recognition server of a given office is specified to obtain only the biometric data of members in that office area;
36) Step 33) and step 35) are repeated for each data service provider and data channel to be established, according to the business requirements.
Interconnecting the nodes in the consortium comprises the following steps:
41) Consortium member login:
411) A consortium member logs in to the consortium services through the login channel using the consortium Token it was issued;
412) The consortium root node looks up the corresponding certificate according to the Token and determines the member type;
42) Obtaining data service providers:
421) The consortium administrator issues the accessible data channels to the member according to the rules; for instance, when the consortium root node identifies a device as a face recognition server, it issues to that device the list of data providers that supply face data and the personal biometric data channel for accessing the face data;
422) Each member access channel corresponds to a specific data service provider, and the two parties to the data transaction exchange certificates to establish an encrypted application channel;
43) Consortium members exchange data within the channel: the data service provider provides data services to the members according to the system rules and the application layer rules; for instance, when the certificate corresponding to a Token identifies a device as a mobile phone application, the ledger service provides only the attendance records and statistics of the phone's owner.
The interconnection of nodes in the consortium is an access method for access control devices, with the following specific steps:
51) Data division is established in the consortium: apart from the personal identity data service provider, no other data service provider stores or provides specific personal identity data, and each individual is represented by an identity ID generated by hashing the individual's identity digest information;
52) A visitor requests access at the access control device using face recognition; the access control device logs in using its Token, and the consortium identifies the accessing information node as an access control device from the certificate corresponding to the Token;
53) The consortium root node returns to the access control device the face recognition server, the list of ledger service data providers, and the channels for accessing the face recognition server and the ledger service;
54) The access control device connects to the face recognition server and transmits the collected face data;
55) The face recognition server logs in to the blockchain consortium and obtains the biometric data provider, the personal-to-door access permission provider and the access channels; the biometric data provider sends the visitor's face data to the face recognition server according to the system rules and the application layer rules, and the face recognition server recognizes the visitor and obtains the visitor's identity ID;
56) The face recognition server connects to the personal-to-door access permission data provider to obtain the door permission;
57) The face recognition server communicates with the access controller to open the door;
58) The access controller communicates with the ledger service, which records the visitor's identity ID, the device identification information and the access time;
59) The ledger service queries the device asset directory, the personal identity data service and the enterprise organization directory according to the visitor's identity ID and the device identification information to generate the access log.
The interconnection of nodes in the consortium also lets mobile phone application software query personal access records, with the following specific steps:
61) The mobile phone application software logs in to the consortium using its Token; the consortium root node identifies it as a mobile phone application from the corresponding certificate information and returns the ledger service data provider and the corresponding access channel;
62) The mobile phone application software establishes communication with the ledger service data provider and requests the attendance data retrieval service;
63) The ledger service data provider queries the enterprise organization directory and the personal identity data service to obtain the phone owner's identity ID;
64) The mobile phone application software communicates with the ledger service data provider, and the ledger service returns the personal attendance information to the mobile phone application according to the phone owner's identity ID.
Advantageous effects
Compared with the prior art, the method for interconnecting the information nodes of an access control identification system based on a blockchain architecture uses digital certificates to manage the members and channels of the blockchain consortium, achieves mutual data access between consortium members through data separation and by limiting each member's access to data channels, ensures that consortium members cannot obtain information beyond what their business requires, and establishes data circulation channels between information nodes while the data remain isolated and the data access channels remain mutually isolated.
The invention establishes trust between the information nodes of the access control system using digital certificates, and establishes communication links between those nodes on the premise of data isolation. At the same time, throughout the whole process from access control recognition to attendance query and statistics, personal information, organization information and biometric information are prevented from being concentrated in any single information node, so that an illegal intrusion into facilities such as attendance application software, access control terminals or mobile phones cannot leak personal information and organization data as a whole and cause personal and property losses. For example, it avoids: the leakage of personal identity information and biometric information when the access control system or the biometric recognition server is intruded upon or its devices are abused, and thereby the property or social losses caused by the abuse of visitors' identity information; the exposure of enterprise organization information when a mobile phone falls into the wrong hands, and thereby the illegal acquisition of enterprise intellectual property by attackers using social engineering; the abnormal exposure of information such as the whereabouts of identity-sensitive people such as senior enterprise management, which would harm the enterprise or the individuals; and the data loss caused by the illegal use of the authority of the person responsible for the enterprise's key information.
Drawings
FIG. 1 is a sequence diagram of the method of the present invention;
FIG. 2 is a schematic diagram of the connections of the access control identification system of the present invention;
FIG. 3 is a schematic diagram of the assignment of permissions to nodes in the consortium according to the present invention;
FIG. 4 is a schematic diagram of the deployment principle of the consortium system channel in the present invention;
FIG. 5 is a schematic diagram of the architecture of the consortium data service providers in the present invention.
Detailed Description
So that the manner in which the above-recited features of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings, wherein:
As shown in FIG. 2, the access control identification system comprises: data service providers that provide the data services required by the access control system; a consortium member management server required for managing consortium members; a biometric recognition server that processes biometric data; various access control devices; a software server; mobile phone application software; data channels providing communication between the different software and hardware devices; and a software server used for enterprise attendance management, acting as the enterprise manager. These information nodes form a blockchain consortium, and the biometric data comprise face, iris, gait and fingerprint data.
The blockchain-based access control identification system adopts a distributed data management structure based on the blockchain, which ensures the data security of the access control system. At the same time, based on mechanisms such as the blockchain Hyperledger, the attendance records are guaranteed to be open and transparent to access.
As shown in FIG. 1, the method for interconnecting the information nodes of the access control identification system comprises the following steps:
First, defining the information nodes in the blockchain consortium.
The consortium member management server is defined as the consortium root node; the member management servers of consortium members at all levels are child nodes; and all information nodes are leaf nodes, comprising access control devices, software servers, mobile phone application software, biometric recognition servers, data providers and enterprise managers.
Second, assigning permissions to the nodes in the consortium: certificates are deployed to the nodes in the blockchain consortium. The system channel rules and application layer channel rules that the blockchain sets up for permission assignment stipulate the channels and content through which consortium members may obtain information, and prevent information nodes from requesting information they do not need.
As shown in FIG. 3, the specific steps are as follows:
(1) The consortium root node generates a private key, fills in the consortium root server information to generate a certificate signing request file, sends the request to the blockchain CA (certificate authority), and obtains the consortium root certificate after it is signed by the blockchain CA center;
(2) Each child node in the consortium in turn sends a request to the consortium root node; after the consortium root node verifies the information node's authority information, it signs the information node's request to generate the corresponding certificate;
(3) The consortium root node and the consortium child nodes hash the digest information of the information node certificate to generate a Token code, which serves as each service node's credential for logging in to the consortium;
(4) Each child node stores its own certificate, private key and Token information;
(5) All members of the consortium repeat the above steps to apply for certificates until every certificate has been issued.
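The certificate hierarchy of steps 21) to 25) above and (1) to (5) here, as an added example in Go using the standard library x509 package (not the patent's own code): the blockchain CA signs the consortium root, the consortium root signs each leaf node, and the Token is a hash of the certificate digest. Node names are constructed; the login check additionally has the member sign a fresh challenge with its private key, an assumption added here because a Token computed from a public certificate only identifies the member and does not prove who holds it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Member is what step (4) says each child node keeps: its certificate and private key.
type Member struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Consortium is the root node's view: CA and root certificates, members indexed by Token.
type Consortium struct {
	CA, Root *x509.Certificate
	Members  map[string]Member
}

func must[T any](v T, err error) T { // panics on error to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a P-256 key and a certificate for subject signed by parent; parent == nil
// means self-signed (the blockchain CA). CAs get CertSign so they may sign the next level.
func issue(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // example serial only
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// TokenFor is step (3): hash the certificate digest (its SHA-256 fingerprint) to obtain
// the Token. It is derived from public data only, so it identifies a member, no more.
func TokenFor(cert *x509.Certificate) string {
	fp := sha256.Sum256(cert.Raw)
	return fmt.Sprintf("%x", sha256.Sum256(fp[:]))
}

// BuildConsortium runs steps (1), (2) and (5): CA -> consortium root -> leaf members.
// Node names are constructed for this example.
func BuildConsortium() *Consortium {
	ca, caKey := issue("blockchain-ca", true, nil, nil)
	root, rootKey := issue("consortium-root", true, ca, caKey)
	c := &Consortium{CA: ca, Root: root, Members: map[string]Member{}}
	for _, name := range []string{"face-recognition-server", "door-controller-7"} {
		cert, key := issue(name, false, root, rootKey)
		c.Members[TokenFor(cert)] = Member{Cert: cert, Key: key}
	}
	return c
}

// SignChallenge is the member side of login: proof of possession of the private key
// behind the certificate (an addition here; the page only describes presenting the Token).
func (m Member) SignChallenge(challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	return must(ecdsa.SignASN1(rand.Reader, m.Key, h[:]))
}

// Login is steps A1/A2: find the certificate by Token, verify that it chains through the
// consortium root to the CA, check the challenge signature, and return the member type.
func (c *Consortium) Login(token string, challenge, sig []byte) (string, error) {
	m, ok := c.Members[token]
	if !ok {
		return "", fmt.Errorf("unknown token")
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(c.CA)
	inter.AddCert(c.Root)
	if _, err := m.Cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter}); err != nil {
		return "", fmt.Errorf("certificate not issued through the consortium root: %w", err)
	}
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(m.Cert.PublicKey.(*ecdsa.PublicKey), h[:], sig) {
		return "", fmt.Errorf("challenge signature invalid")
	}
	return m.Cert.Subject.CommonName, nil
}
```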
Third, deploying the system channel in the consortium: the consortium administrator establishes the data service provider rules and establishes the application layer data channels and channel rules. An application layer data channel is an information channel, provided on the basis of blockchain technology, for data exchange between consortium members; it uses a certificate-based hybrid encryption mechanism, which guarantees both the confidentiality of the communicating parties' identities and their authenticity and trustworthiness.
As shown in FIG. 4, the specific steps are as follows:
(1) The consortium root node divides the data managed within the access control identification system consortium and hands the parts to different data services, which form the data service providers, as shown in FIG. 5.
(2) The consortium root node deploys a system service channel for consortium management that provides basic information services to all members of the consortium, for example: management of consortium members' certificates, Token applications, consortium members' channel access permissions, and the system rules for the data providers' data. The application channels are the data access channels for actual access control business, and all channels are encrypted using the certificates.
(3) The consortium root node defines the system rules, namely the black list and white list of service objects for each data service provider, and hands them to the data service providers for enforcement: for example, defining the access object of the device asset directory as the enterprise asset device management application, that of the enterprise organization directory as the enterprise personnel attendance management software, and the service object of the biometric data service as only the corresponding biometric recognition server, not accessible by any other application.
(4) The consortium root node establishes the consortium application layer data channels and specifies the two member ends that may access each data channel. For example, a personal biometric data service channel is defined that admits only the personal biometric data service provider and devices of the biometric recognition server type; this data channel uses a hybrid encryption scheme, and the communication key is exchanged using the certificates at the two ends.
(5) The enterprise manager accesses the application layer rule channel and specifies to the data service provider the application layer rules for data access by the devices under its jurisdiction. For example, the biometric recognition server of an office may be designated to obtain only the biometric data of members in its own office area.
(6) Step (3) and step (5) are repeated for each data service provider and data channel to be established, according to the business requirements.
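An added example (not from the patent) in Go of the system rules of step (3) and the application-layer rule of step (5), applied the way step B1 and the providers would apply them: provider names, member types and the office scope are constructed for the example, and a provider with no rule is treated as denied, which is an assumption the page does not state.

```go
package main

import (
	"fmt"
	"sort"
)

// Data service providers the root splits the data into (step (1) and FIG. 5); names constructed.
const (
	DeviceAssets   = "device-asset-directory"
	OrgDirectory   = "enterprise-organization-directory"
	BiometricData  = "person-biometric-data"
	DoorPermission = "personal-door-permission"
	Ledger         = "ledger-service"
)

// SystemRule is the root node's white/black list for one provider (step (3)): member types.
type SystemRule struct {
	Allow []string
	Deny  []string
}

// AppRule is an enterprise manager's application-layer restriction (step (5)): the named
// member may only obtain records whose scope (office area) matches.
type AppRule struct {
	Member string
	Scope  string
}

// Policy is what the root consults to issue channels after login (step B1) and what each
// provider applies to every request it receives.
type Policy struct {
	System map[string]SystemRule
	App    map[string][]AppRule
}

// DefaultPolicy encodes the page's own examples: the asset directory serves the asset
// app, the org directory serves attendance software, biometric data serves only
// biometric servers, and office A's face server is limited to office A members.
func DefaultPolicy() Policy {
	return Policy{
		System: map[string]SystemRule{
			DeviceAssets:   {Allow: []string{"asset-management-app", Ledger}},
			OrgDirectory:   {Allow: []string{"attendance-software", Ledger}},
			BiometricData:  {Allow: []string{"biometric-server"}, Deny: []string{"phone-app", "door-controller"}},
			DoorPermission: {Allow: []string{"biometric-server"}},
			Ledger:         {Allow: []string{"door-controller", "phone-app", "attendance-software"}},
		},
		App: map[string][]AppRule{
			BiometricData: {{Member: "face-server-office-A", Scope: "office-A"}},
		},
	}
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// ChannelsFor is the list of accessible providers (and so channels) the root issues to a
// member of the given type after login, sorted so the answer is stable.
func (p Policy) ChannelsFor(memberType string) []string {
	out := []string{}
	for prov, rule := range p.System {
		if contains(rule.Allow, memberType) && !contains(rule.Deny, memberType) {
			out = append(out, prov)
		}
	}
	sort.Strings(out)
	return out
}

// Authorize is the provider-side check on one request: the system rule decides whether
// this member type may use the channel at all (no rule means deny, an assumption here);
// an application-layer rule naming this member then bounds the record scope it may read.
func (p Policy) Authorize(provider, memberType, memberID, recordScope string) error {
	rule, ok := p.System[provider]
	if !ok {
		return fmt.Errorf("%s: no system rule, default deny", provider)
	}
	if !contains(rule.Allow, memberType) || contains(rule.Deny, memberType) {
		return fmt.Errorf("%s: member type %q is not on the white list", provider, memberType)
	}
	for _, ar := range p.App[provider] {
		if ar.Member == memberID && ar.Scope != recordScope {
			return fmt.Errorf("%s: %s is limited to %s, record belongs to %s", provider, memberID, ar.Scope, recordScope)
		}
	}
	return nil
}
```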
Fourth, interconnecting the nodes in the consortium. After a node logs in to the consortium, it obtains from the consortium administrator the permissions matching its authority, and the nodes interconnect using the corresponding channels. An encrypted channel access mechanism is used, so that information node data are accessed pairwise within a channel, third-party monitoring is prevented, and the confidentiality of the information exchange is guaranteed.
The specific steps are as follows:
(1) Consortium member login:
A1) A consortium member logs in to the consortium services through the login channel using the consortium Token it was issued;
A2) The consortium root node looks up the corresponding certificate according to the Token and determines the member type.
(2) Obtaining data service providers:
B1) The consortium administrator issues the accessible data channels to the member according to the rules; for example, when the consortium root node recognizes a device as a face recognition server, it issues to that device the list of data providers that supply face data and the personal biometric data channel for accessing the face data;
B2) Each member access channel corresponds to a specific data service provider, and the two parties to the data transaction exchange certificates to establish an encrypted application channel.
(3) Consortium members exchange data within the channel: the data service provider provides data services to the members according to the system rules and the application layer rules; for example, when the certificate corresponding to a Token identifies a device as a mobile phone application, the ledger service provides only the attendance records and statistics of the phone's owner.
A first implementation of intra-consortium node interconnection is given here: the interconnection of nodes in the consortium as an access method for access control devices. A typical scenario is an enterprise employee passing through the company door by face recognition, and the specific steps are as follows:
(1) Data division is established in the consortium: apart from the personal identity data service provider, no other data service provider stores or provides specific personal identity data, and each individual is represented by an identity ID generated by hashing the individual's identity digest information;
(2) A visitor requests access at the access control device using face recognition; the access control device logs in using its Token, and the consortium identifies the accessing information node as an access control device from the certificate corresponding to the Token;
(3) The consortium root node returns to the access control device the face recognition server, the list of ledger service data providers, and the channels for accessing the face recognition server and the ledger service;
(4) The access control device connects to the face recognition server and transmits the collected face data;
(5) The face recognition server logs in to the blockchain consortium and obtains the biometric data provider, the personal-to-door access permission provider and the access channels; the biometric data provider sends the visitor's face data to the face recognition server according to the system rules and the application layer rules, and the face recognition server recognizes the visitor and obtains the visitor's identity ID;
(6) The face recognition server connects to the personal-to-door access permission data provider to obtain the door permission;
(7) The face recognition server communicates with the access controller to open the door;
(8) The access controller communicates with the ledger service, which records the visitor's identity ID, the device identification information and the access time;
(9) The ledger service queries the device asset directory, the personal identity data service and the enterprise organization directory according to the visitor's identity ID and the device identification information to generate the access log.
A second implementation of intra-consortium node interconnection is given here: the interconnection of nodes in the consortium for mobile phone application software querying personal access records. A typical scenario is a phone owner checking attendance records through the mobile phone application, and the specific steps are as follows:
(1) The mobile phone application software logs in to the consortium using its Token; the consortium root node identifies it as a mobile phone application from the corresponding certificate information and returns the ledger service data provider and the corresponding access channel;
(2) The mobile phone application software establishes communication with the ledger service data provider and requests the attendance data retrieval service;
(3) The ledger service data provider queries the enterprise organization directory and the personal identity data service to obtain the phone owner's identity ID;
(4) The mobile phone application software communicates with the ledger service data provider, and the ledger service returns the personal attendance information to the mobile phone application according to the phone owner's identity ID.
Throughout this process, during the data transactions the visitor's identity information, biometric information and enterprise organization information never appear in the same information node at the same time, so information leakage is avoided and the overall data security of the attendance system is guaranteed.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are merely illustrative of the principles of the invention, but that various changes and modifications may be made without departing from the spirit and scope of the invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (4)

1. An information node interconnection method for an access control identification system based on a blockchain architecture, wherein the access control identification system comprises: data service providers made up of the data services the access control system requires; a federation member management server required by federation members; a biometric identification server for processing biometric data; access control devices of various kinds; software servers; mobile phone application software; data channels that provide communication between the different software and hardware devices; and a software server used by an enterprise manager for enterprise attendance management; these information nodes form a blockchain-architecture federation, and the biometric data comprises face, iris, gait and fingerprint data;
the information node interconnection method for the access control identification system is characterized by comprising the following steps:
11) Defining the information nodes in the blockchain-architecture federation: the federation member management server is defined as the federation root node; the member management servers of subordinate federations are child nodes; and all other information nodes, namely access control devices, software servers, mobile phone application software, biometric identification servers, data providers and enterprise managers, are leaf nodes;
12) Permission allocation for nodes in the federation: deploying certificates to the nodes of the blockchain federation;
13) Deployment of the system channel by the federation: the federation manager establishes the data service provider rules and establishes the application-layer data channels and channel rules;
14) Interconnection of nodes in the federation: after a node logs in to the federation, it obtains its permissions from the federation manager and interconnects with other nodes over the corresponding channels; the interconnection of nodes in the federation comprises the following steps:
141) Federation member login:
1411) a federation member logs in to the federation service through the login channel using the federation Token allocated to it;
1412) the federation root node looks up the corresponding certificate by the Token and determines the member type;
142) Obtaining a data service provider:
1421) the federation manager issues the accessible data channels to the member according to the rules; for example, when the federation root node identifies a device as a face recognition server, it issues to that device the list of data providers that supply face data and the personal biometric data channel for accessing that data;
1422) a member's access channel corresponds to a specific data service provider; the two parties to the data transaction exchange certificates to establish an encrypted application channel;
143) Federation members exchange data within the channel: the data service provider serves the member according to the system rule and the application-layer rule; for example, when a device is identified as a mobile phone application through the certificate corresponding to its Token, the ledger service provides only the attendance records and statistics of the phone's owner;
wherein the interconnection of nodes in the federation is an access method for access control devices, comprising the following steps:
1451) establishing a data partition within the federation: apart from the personal identity data service provider, no other data service provider stores or provides specific personal identity data, and each individual's identity ID is generated as a hash of the individual's identity digest information;
1452) a visitor passes the access controller by face recognition; the access controller logs in with its Token, and the federation identifies the logged-in information node as an access controller from the certificate corresponding to the Token;
1453) the federation root node returns to the access controller the face recognition server, the list of ledger service data providers, and the channels for accessing the face recognition server and the ledger service;
1454) the access controller connects to the face recognition server and transmits the collected face data;
1455) the face recognition server logs in to the blockchain federation and obtains the biometric data provider, the person-to-door access-right provider and the corresponding access channels; the biometric data provider sends the visitor's face data to the face recognition server according to the system rule and the application-layer rule, and the face recognition server identifies the visitor and obtains the visitor's identity ID;
1456) the face recognition server connects to the person-to-door access-right data provider and obtains the access permission;
1457) the face recognition server communicates with the access controller to open the door;
1458) the access controller communicates with the ledger service, which records the visitor's identity ID, the device identification information and the access time;
1459) the ledger service queries the device asset directory, the personal identity data service and the enterprise organization directory by the visitor's ID and the device identification information to generate an access log.
2. The information node interconnection method for an access control identification system based on a blockchain architecture according to claim 1, wherein the permission allocation for nodes in the federation comprises the following steps:
21) the federation root node generates a private key, fills the federation root server information into a certificate request file, submits the request to the blockchain CA (certificate authority), and obtains the federation root certificate after the blockchain CA center has signed it;
22) each child node in the federation in turn sends a request to the federation root node; after the federation root node verifies the permission information of the information node, it signs the request and generates the corresponding certificate for that node;
23) the federation root node and the federation child nodes hash the digest information of each information node certificate to generate a Token code, which serves as the credential with which each service node logs in to the federation;
24) each child node stores its own certificate, private key and Token;
25) all members of the federation repeat these steps to apply for certificates until every certificate has been issued.
3. The information node interconnection method for an access control identification system based on a blockchain architecture according to claim 1, wherein the deployment of the system channel by the federation comprises the following steps:
31) the federation root node partitions the data managed within the access control identification system federation, and each partition is served by a different data service, these services forming the data service providers;
32) the federation root node deploys a system service channel for federation management, which provides basic information services to all members of the federation, namely certificate and Token application for federation members, management of the members' channel access permissions, and system rule management for the data of the data providers; the application channels are the data access channels for the actual access control business; all channels are encrypted using the certificates;
33) the federation root node defines the system rule, namely a black list and a white list of service objects for each data service provider, and hands it to the data service provider for enforcement; in particular, the access object of the device asset directory is defined as the enterprise asset device management application, that of the enterprise organization directory is the enterprise personnel attendance management software, and the service object of the biometric data service is only the corresponding biometric identification server, which no other application may access;
34) the federation root node establishes the federation application-layer data channels and specifies the two member ends that each data channel may connect; in particular, a personal biometric data service channel is specified that admits only the personal biometric data service provider and devices of the biometric identification server type; the data channel uses hybrid encryption, with the certificates at the two ends used to exchange the communication key;
35) the enterprise manager accesses the application-layer rule channel and specifies to the data service providers the application-layer rules for data access by the devices it administers; for example, it specifies that the biometric identification server of a given office may obtain only the biometric data of members of that office area;
36) steps 33) to 35) are repeated for each data service provider and data channel to be established, according to service requirements.
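A worked model of the certificate, Token and rule mechanics of claims 2 and 3, added here as an illustration; it is not code from the patent or its applicant. It assumes HMAC-SHA256 under the issuer's private key as a stand-in for the CA and root signatures, made-up member-type, provider and channel names, and in-memory tables; a real deployment would issue X.509 certificates and run each channel over mutually authenticated TLS.

```python
import hashlib
import hmac
import json
import secrets


def canonical(payload: dict) -> bytes:
    return json.dumps(payload, sort_keys=True).encode()


def sign(private_key: bytes, payload: dict) -> str:
    """Stand-in for the CA / root signature: HMAC-SHA256 under the issuer's key.
    A real deployment signs X.509 certificates with an asymmetric key."""
    return hmac.new(private_key, canonical(payload), hashlib.sha256).hexdigest()


def issue_certificate(issuer, issuer_key, subject, member_type, attrs=None):
    """Step 22): the issuer signs the subject name, member type and attributes."""
    body = {"subject": subject, "type": member_type, "issuer": issuer, "attrs": attrs or {}}
    return {**body, "sig": sign(issuer_key, body)}


def verify_certificate(cert: dict, issuer_key: bytes) -> bool:
    body = {k: v for k, v in cert.items() if k != "sig"}
    return hmac.compare_digest(cert["sig"], sign(issuer_key, body))


def derive_token(cert: dict) -> str:
    """Step 23): Token = hash of the certificate digest."""
    digest = hashlib.sha256(canonical(cert)).hexdigest()
    return hashlib.sha256(digest.encode()).hexdigest()


# Step 33): system rule, the white list of member types each provider may serve.
# Names are assumed for the example.
SYSTEM_RULES = {
    "device_asset_directory": {"asset_management_app"},
    "enterprise_org_directory": {"attendance_management_software"},
    "biometric_data_service": {"face_recognition_server"},
    "access_rights_service": {"face_recognition_server"},
    "ledger_service": {"access_control_device", "face_recognition_server", "mobile_app"},
}

# Step 34): application-layer channels and the member types admitted at either end.
CHANNELS = {
    "personal_biometric_channel": {"biometric_data_service", "face_recognition_server"},
    "ledger_channel": {"ledger_service", "access_control_device",
                       "face_recognition_server", "mobile_app"},
}


class FederationRoot:
    """Federation root node: holds the CA-signed root certificate, issues child
    certificates (step 22) and resolves Tokens at login (step 1412)."""

    def __init__(self):
        self.ca_key = secrets.token_bytes(32)   # stands in for the blockchain CA centre
        self.key = secrets.token_bytes(32)      # root private key, never leaves the root
        self.cert = issue_certificate("blockchain-CA", self.ca_key, "federation-root", "root")
        self.members = {}                       # Token -> certificate

    def enrol(self, subject, member_type, attrs=None):
        cert = issue_certificate("federation-root", self.key, subject, member_type, attrs)
        token = derive_token(cert)
        self.members[token] = cert
        return cert, token

    def login(self, token):
        """Steps 1411 to 1421: Token -> certificate -> member type -> providers and channels."""
        cert = self.members.get(token)
        if cert is None or not verify_certificate(cert, self.key):
            return None
        kind = cert["type"]
        return {"type": kind,
                "providers": sorted(p for p, ok in SYSTEM_RULES.items() if kind in ok),
                "channels": sorted(c for c, ends in CHANNELS.items() if kind in ends)}


def channel_admits(channel: str, cert_a: dict, cert_b: dict) -> bool:
    """Steps 1422 and 34): a channel opens only if both certificates name admitted types."""
    ends = CHANNELS[channel]
    return cert_a["type"] in ends and cert_b["type"] in ends


def apply_application_rule(requester_cert: dict, templates: dict, app_rules: dict) -> dict:
    """Step 35): the provider releases only the records the enterprise manager
    has scoped to this server (for example, members of its own office)."""
    allowed = app_rules.get(requester_cert["subject"], set())
    return {ident: t for ident, t in templates.items() if ident in allowed}
```

The point to notice is that the Token is not a bearer secret independent of the certificate: it is derived from the certificate digest, so the root can only resolve Tokens for certificates it issued, and altering a certificate's type field both breaks its signature and yields a different Token. The white lists in SYSTEM_RULES and CHANNELS are what keep a mobile application off the biometric channel even if it asks for it, and the application-layer rule is enforced by the provider, not trusted from the requester.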
4. The information node interconnection method for an access control identification system based on a blockchain architecture according to claim 1, wherein the interconnection of nodes in the federation is a method for querying personal access records by mobile phone application software, comprising the following steps:
41) the mobile application logs in to the federation with its Token; the federation root node identifies it as a mobile application from the corresponding certificate and returns the ledger service data provider and the corresponding access channel;
42) the mobile application establishes communication with the ledger service data provider and requests the attendance data retrieval service;
43) the ledger service data provider queries the enterprise organization directory and the personal identity data service to obtain the owner's identity ID;
44) over the established channel, the ledger service returns the personal attendance information for that identity ID to the mobile application.
CN202010164554.0A 2020-03-11 2020-03-11 Access control identification system information node interconnection method based on block chain architecture Active CN111383378B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010164554.0A CN111383378B (en) 2020-03-11 2020-03-11 Access control identification system information node interconnection method based on block chain architecture

Publications (2)

Publication Number Publication Date
CN111383378A CN111383378A (en) 2020-07-07
CN111383378B true CN111383378B (en) 2021-07-30

Family

ID=71219866

Country Status (1)

Country Link
CN (1) CN111383378B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112328992B (en) * 2020-11-10 2022-09-13 上海亿为科技有限公司 Human body detection method based on artificial intelligence and cloud server
CN112613866A (en) * 2020-12-17 2021-04-06 中国工商银行股份有限公司 Data access method and device applied to block chain
CN114882628B (en) * 2022-07-11 2022-09-23 中海银河科技(北京)有限公司 Data processing method and device, electronic equipment and computer readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101316273A (en) * 2008-05-12 2008-12-03 华中科技大学 Distributed safety memory system
CN109728954A (en) * 2019-01-04 2019-05-07 深圳壹账通智能科技有限公司 Alliance's chain node management system and method
CN109871669A (en) * 2019-03-14 2019-06-11 哈尔滨工程大学 A kind of data sharing solution based on block chain technology
CN109995596A (en) * 2019-04-11 2019-07-09 李莉莉 A kind of alliance's block chain visualization business partition method
CN110766850A (en) * 2019-10-29 2020-02-07 深圳达闼科技控股有限公司 Visitor information management method, access control system, server and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060206725A1 (en) * 2002-04-23 2006-09-14 Michael Milgramm System and method for platform-independent biometrically verified secure information transfer and access control
CN109802993B (en) * 2018-12-13 2021-06-04 深圳市链联科技有限公司 Alliance chain building method based on supply chain ecology
EP3610383B1 (en) * 2019-03-21 2021-07-07 Advanced New Technologies Co., Ltd. Data isolation in blockchain networks
CN110309634B (en) * 2019-04-04 2020-12-22 深圳大通实业股份有限公司 Credible advertisement data management system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant